With 1.7.34-6: > - the fixes in POSIX ACL handling and the effect this has on the standard > POSIX group permissions, as well as the accompanying new setfacl(1) > options -b/--remove-all and -k/--remove-default. > > Seehttps://cygwin.com/cygwin-ug-net/using-utils.html#setfacl > andhttps://cygwin.com/faq.faq.html#faq.using.ssh-pubkey-stops-working > andhttps://cygwin.com/faq.faq.html#faq.using.same-with-rhosts Group permissions are now composed of multiple ACL entries, like: -rw-rwx---+ 1 towo Domain Users 128 Feb 5 13:36 x with ACL: # file: x # owner: towo # group: Domain Users user::rw- group::r-x group:SYSTEM:rwx mask:rwx other:---
chmod g-wx does not work on x, only after setfacl -d group:SYSTEM x , the g-w bit is gone. This is surprising behaviour (and has been discussed in a specific context in another thread); the explanation is hidden in only roughly related sections of the user guide (setfacl) or even the FAQ, and is not found in the section Permissions and Security where one would look first; I suggest to add an illustrative section there. However, I am not yet convinced that the explanation makes it less surprising from a POSIX point of view because the file does not have the group 'SYSTEM' which is responsible for the g+wx flags. Maybe ls -l should display a more permissive group (in the example case SYSTEM rather than Domain Users) to give the user a hint? How is this handled on other ACL systems? (I can check next week.) Thomas -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
